cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5628] Fixes to Base64URLUtility and HmacUtils
Date Thu, 20 Mar 2014 10:54:38 GMT
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 39a0f5868 -> a04262693


[CXF-5628] Fixes to Base64URLUtility and HmacUtils


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a0426269
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a0426269
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a0426269

Branch: refs/heads/2.7.x-fixes
Commit: a04262693f199507617833f78cfc636a209cfe87
Parents: 39a0f58
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Mar 20 10:29:09 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Mar 20 10:54:10 2014 +0000

----------------------------------------------------------------------
 .../code/AuthorizationCodeGrantHandler.java     |  11 +-
 .../security/oauth2/utils/Base64UrlUtility.java | 359 ++-----------------
 .../oauth2/utils/MessageDigestGenerator.java    |   6 +-
 3 files changed, 36 insertions(+), 340 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/a0426269/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 1a4276f..c414486 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -19,11 +19,8 @@
 
 package org.apache.cxf.rs.security.oauth2.grants.code;
 
-import java.io.StringWriter;
-
 import javax.ws.rs.core.MultivaluedMap;
 
-import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
@@ -96,13 +93,7 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler
{
         byte[] digest = mdg.createDigest(tempClientSecret, "SHA-256");
         int length = digest.length > 128 / 8 ? 128 / 8 : digest.length;
         
-        StringWriter stringWriter = new StringWriter();
-        try {
-            Base64UrlUtility.encode(digest, 0, length, stringWriter);
-        } catch (Base64Exception e) {
-            throw new OAuthServiceException("server_error", e);
-        }
-        String expectedHash = stringWriter.toString();
+        String expectedHash = Base64UrlUtility.encodeChunk(digest, 0, length);
         return tempClientSecretHash.equals(expectedHash);
         
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/a0426269/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/Base64UrlUtility.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/Base64UrlUtility.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/Base64UrlUtility.java
index 5d1075d..76beabf 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/Base64UrlUtility.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/Base64UrlUtility.java
@@ -20,361 +20,62 @@
 package org.apache.cxf.rs.security.oauth2.utils;
 
 /**
- * Base64 URL Encoding/Decoding utility (character 62 is '-', 63 - '_')
- * TODO: 
- *  - encoding: exclude padding characters by default, 
- *  - decoding: calculate a number of missing padding characters 
- *    based on a number of base64url encoded octets
- *    
- *  - once the above two points are addressed, consider extracting 
- *    most of Base64Utility into Base64EncoderDecoder and extending it
- *    with Base64UrlEncoderDecoder to minimize the duplication 
+ * Base64 URL Encoding/Decoding utility.
+ *  
+ * Character 62 ('+') is '-', Character 63 ('/') is '_';
+ * Padding characters are dropped after the encoding.   
  *                  
  */
 
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.StringWriter;
 import java.io.UnsupportedEncodingException;
-import java.io.Writer;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.i18n.Message;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.common.util.Base64Utility;
 
 
 public final class Base64UrlUtility {
-    
     private static final Logger LOG = LogUtils.getL7dLogger(Base64UrlUtility.class);
-
-    private static final String ENCODED_PAD = "%3D";
-        
-    // Base 64 URL character set
-    //
-    private static final char[] BCS = {
-        'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 
-        'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 
-        'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 
-        'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 
-        'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 
-        'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', 
-        '8', '9', '-', '_'
-    };
-
-    // base 64 wadding
-    private static final char PAD = '=';
-
-    // size of base 64 decode table
-    private static final int BDTSIZE = 128;
-
-    // base 64 decode table  
-    private static final byte[] BDT = new byte[128];
-
-    
-    private static final int PAD_SIZE0 = 1;
-    private static final int PAD_SIZE4 = 2;
-    private static final int PAD_SIZE8 = 3;
-    
-    // class static intializer for building decode table
-    static {
-        for (int i = 0;  i < BDTSIZE;  i++) {
-            BDT[i] = Byte.MAX_VALUE;
-        }
-
-        for (int i = 0;  i < BCS.length;  i++) {
-            BDT[BCS[i]] = (byte)i;
-        }
-    }
-    
     
     private Base64UrlUtility() {
         //utility class, never constructed
     }
     
-    /**
-     * The <code>decode_chunk</code> routine decodes a chunk of data
-     * into its native encoding.
-     *
-     * base64 encodes each 3 octets of data into 4 characters from a
-     * limited 64 character set. The 3 octets are joined to form
-     * 24 bits which are then split into 4 x 6bit values. Each 6 bit
-     * value is then used as an index into the 64 character table of
-     * base64 chars. If the total data length is not a 3 octet multiple
-     * the '=' char is used as padding for the final 4 char group, 
-     * either 1 octet + '==' or 2 octets + '='.
-     *
-     * @param   id  The input data to be processed
-     * @param   o   The offset from which to begin processing
-     * @param   l   The length (bound) at which processing is to end
-     * @return  The decoded data   
-     * @exception   Base64Exception Thrown is processing fails due to
-     * formatting exceptions in the encoded data 
-     */
-    public static byte[] decodeChunk(char[] id,
-                                     int o,
-                                     int l) 
-        throws Base64Exception {
-        
-        // Keep it simple - must be >= 4. Unpadded
-        // base64 data contain < 3 octets is invalid.
-        //
-        if ((l - o) < 4) {
-            return null;
-        }
-
-        char[] ib = new char[4];
-        int ibcount = 0;
-
-        // cryan. Calc the num of octets. Each 4 chars of base64 chars
-        // (representing 24 bits) encodes 3 octets. 
-        //
-        int octetCount = 3 * (l / 4);
-
-        // Final 4 chars may contain 3 octets or padded to contain
-        // 1 or 2 octets.
-        //
-        if (id[l - 1] == PAD) {
-            // TT== means last 4 chars encode 8 bits (ie subtract 2)
-            // TTT= means last 4 chars encode 16 bits (ie subtract 1)
-            octetCount -= (id[l - 2] == PAD) ? 2 : 1;
-        }
-
-        byte[] ob = new byte[octetCount];
-        int obcount = 0;
-
-        for (int i = o;  i < o + l && i < id.length;  i++) {
-            if (id[i] == PAD
-                || id[i] < BDT.length
-                && BDT[id[i]] != Byte.MAX_VALUE) {
-                
-                ib[ibcount++] = id[i];
-
-                // Decode each 4 char sequence.
-                //
-                if (ibcount == ib.length) {
-                    ibcount = 0;
-                    obcount += processEncodeme(ib, ob, obcount);
-                }
-            }
-        }
-        
-        if (obcount != ob.length) {
-            byte []tmp = new byte[obcount];
-            System.arraycopy(ob, 0, tmp, 0, obcount);
-            ob = tmp;
-        }
-
-        return ob;
-    }
-
-    public static byte[] decode(String id) throws Base64Exception {
-        int count = 0;
-        while (id.endsWith(ENCODED_PAD)) {
-            id = id.substring(0, id.length() - ENCODED_PAD.length());
-            count++;
-        }
-        for (int i = 0; i < count; i++) {
-            id += PAD;
-        }
-        
-        try {
-            char[] cd = id.toCharArray();
-            return decodeChunk(cd, 0, cd.length);
-        } catch (Exception e) {
-            LOG.warning("Invalid base64 encoded string : " + id);
-            throw new Base64Exception(new Message("BASE64_RUNTIME_EXCEPTION", LOG), e);
-        }
-    }
-
-    public static void decode(char[] id,
-                             int o,
-                             int l,
-                             OutputStream ostream) 
-        throws Base64Exception {
-
-        try {
-            ostream.write(decodeChunk(id, o, l));
-        } catch (Exception e) {
-            LOG.warning("Invalid base64 encoded string : " + new String(id));
-            throw new Base64Exception(new Message("BASE64_RUNTIME_EXCEPTION", LOG), e);
-        }
-    }
-
-    public static void decode(String id,
-                              OutputStream ostream) 
-        throws Base64Exception {
-        
-        try {
-            char[] cd = id.toCharArray();
-            ostream.write(decodeChunk(cd, 0, cd.length));
-        } catch (IOException ioe) {
-            throw new Base64Exception(new Message("BASE64_DECODE_IOEXCEPTION", LOG), ioe);
-        } catch (Exception e) {
-            LOG.warning("Invalid base64 encoded string : " + id);
-            throw new Base64Exception(new Message("BASE64_RUNTIME_EXCEPTION", LOG), e);
-        }
-    }
-
-    // Returns base64 representation of specified byte array.
-    //
-    public static String encode(byte[] id) {
-        char[] cd = encodeChunk(id, 0, id.length);
-        return new String(cd, 0, cd.length);
-    }
-
-    // Returns base64 representation of specified byte array.
-    //
-    public static char[] encodeChunk(byte[] id,
-                                     int o,
-                                     int l) {
-        if (l <= 0) {
-            return null;
-        }
-
-        char[] out;
-
-        // If not a multiple of 3 octets then a final padded 4 char
-        // slot is needed.
-        //
-        if ((l - o) % 3 == 0) {
-            out = new char[l / 3 * 4];
-        } else {
-            out = new char[l / 3 * 4 + 4];
-        }
-
-        int rindex = o;
-        int windex = 0;
-        int rest = l - o;
-
-        while (rest >= 3) {
-            int i = ((id[rindex] & 0xff) << 16)
-                    + ((id[rindex + 1] & 0xff) << 8)
-                    + (id[rindex + 2] & 0xff);
-
-            out[windex++] = BCS[i >> 18];
-            out[windex++] = BCS[(i >> 12) & 0x3f];
-            out[windex++] = BCS[(i >> 6) & 0x3f];
-            out[windex++] = BCS[i & 0x3f];
-            rindex += 3;
-            rest -= 3;
-        }
-
-        if (rest == 1) {
-            int i = id[rindex] & 0xff;
-            out[windex++] = BCS[i >> 2];
-            out[windex++] = BCS[(i << 4) & 0x3f];
-            out[windex++] = PAD;
-            out[windex++] = PAD;
-        } else if (rest == 2) {
-            int i = ((id[rindex] & 0xff) << 8) + (id[rindex + 1] & 0xff);
-            out[windex++] = BCS[i >> 10];
-            out[windex++] = BCS[(i >> 4) & 0x3f];
-            out[windex++] = BCS[(i << 2) & 0x3f];
-            out[windex++] = PAD;
-        }
-        return out;
+    public static byte[] decode(String encoded) throws Base64Exception {
+        encoded = encoded.replace("-", "+").replace('_', '/');
+        switch (encoded.length() % 4) {
+        case 0: 
+            break; 
+        case 2: 
+            encoded += "=="; 
+            break; 
+        case 3: 
+            encoded += "="; 
+            break; 
+        default: 
+            throw new Base64Exception(new Message("BASE64_RUNTIME_EXCEPTION", LOG));
+        }
+        return Base64Utility.decode(encoded);
     }
 
-    //
-    // Outputs base64 representation of the specified byte array 
-    // to a byte stream.
-    //
-    public static void encodeChunk(byte[] id,
-                                   int o,
-                                   int l,
-                                   OutputStream ostream) throws Base64Exception {
+    public static String encode(String str) throws Base64Exception {
         try {
-            ostream.write(new String(encodeChunk(id, o, l)).getBytes());
-        } catch (IOException e) {
-            throw new Base64Exception(new Message("BASE64_ENCODE_IOEXCEPTION", LOG), e);
-        }
-    }
-
-    public static String encode(String value) throws Base64Exception {
-        StringWriter writer = new StringWriter();
-        Base64UrlUtility.encode(value, writer);
-        return writer.toString();
-    }
-    
-    public static void encode(String value, Writer writer) throws Base64Exception {
-        byte[] chunk = null;
-        try {
-            chunk = value.getBytes("UTF-8");
+            return encode(str.getBytes("UTF-8"));
         } catch (UnsupportedEncodingException ex) {
-            // won't happen
+            throw new RuntimeException(ex);
         }
-        Base64UrlUtility.encode(chunk, 0, chunk.length, writer);
-        
     }
     
-
-    // Outputs base64 representation of the specified byte 
-    // array to a character stream.
-    //
-    public static void encode(byte[] id,
-                              int o,
-                              int l,
-                              Writer writer) throws Base64Exception {
-        try {
-            writer.write(encodeChunk(id, o, l));
-        } catch (IOException e) {
-            throw new Base64Exception(new Message("BASE64_ENCODE_WRITER_IOEXCEPTION", LOG),
e);
-        }
+    public static String encode(byte[] id) {
+        return encodeChunk(id, 0, id.length);
     }
 
-
-    //---- Private static methods --------------------------------------
-
-    /**
-     * The <code>process</code> routine processes an atomic base64
-     * unit of encoding (encodeme) into its native encoding. This class is
-     * used by decode routines to do the grunt work of decoding
-     * base64 encoded information
-     *
-     * @param   ib  Input character buffer of encoded bytes
-     * @param   ob  Output byte buffer of decoded bytes
-     * @param   p   Pointer to the encodeme of interest
-     * @return  The decoded encodeme
-     * @exception   Base64Exception Thrown is processing fails due to
-     * formatting exceptions in the encoded data 
-     */ 
-    private static int processEncodeme(char[] ib,
-                                       byte[] ob,
-                                       int p) 
-        throws Base64Exception {
-        
-
-        int spad = PAD_SIZE8;        
-        if (ib[3] == PAD) {
-            spad = PAD_SIZE4;
-        }
-        if (ib[2] == PAD) {
-            spad = PAD_SIZE0;
-        }
-
-        int b0 = BDT[ib[0]];
-        int b1 = BDT[ib[1]];
-        int b2 = BDT[ib[2]];
-        int b3 = BDT[ib[3]];
-
-        switch (spad) {
-        case PAD_SIZE0:
-            ob[p] = (byte)(b0 << 2 & 0xfc | b1 >> 4 & 0x3);
-            return PAD_SIZE0;
-        case PAD_SIZE4:
-            ob[p++] = (byte)(b0 << 2 & 0xfc | b1 >> 4 & 0x3);
-            ob[p] = (byte)(b1 << 4 & 0xf0 | b2 >> 2 & 0xf);
-            return PAD_SIZE4;
-        case PAD_SIZE8:
-            ob[p++] = (byte)(b0 << 2 & 0xfc | b1 >> 4 & 0x3);
-            ob[p++] = (byte)(b1 << 4 & 0xf0 | b2 >> 2 & 0xf);
-            ob[p] = (byte)(b2 << 6 & 0xc0 | b3 & 0x3f);
-            return PAD_SIZE8;
-        default:
-            // We should never get here
-            throw new IllegalStateException();
-        } 
-    } 
+    public static String encodeChunk(byte[] id, int offset, int length) {
+        String encoded = new String(Base64Utility.encodeChunk(id, offset, length));
+        return encoded.replace("+", "-").replace('/', '_').replace("=", "");
+    }
+     
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/a0426269/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestGenerator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestGenerator.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestGenerator.java
index fbde43b..15d4870 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestGenerator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestGenerator.java
@@ -29,7 +29,11 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
  * random values
  */
 public class MessageDigestGenerator {
-    private String algorithm = "MD5";
+    public static final String ALGO_SHA_1 = "SHA-1";
+    public static final String ALGO_SHA_256 = "SHA-256";
+    public static final String ALGO_MD5 = "MD5";
+    
+    private String algorithm = ALGO_MD5;
         
     public String generate(byte[] input) throws OAuthServiceException {
         if (input == null) {


Mime
View raw message